Check: ISEC-06-551300
ISEC7 Sphere STIG: ISEC-06-551300 (in version v2 r1)
Title
The Apache Tomcat shutdown port must be disabled. (Cat II impact)
Discussion
Tomcat uses a port (8005 by default) as a shutdown port. Someone could Telnet to the machine on this port and send the default command SHUTDOWN. Tomcat and all web apps would then shut down, which is a denial-of-service attack and would cause an unwanted service interruption.
Check Content
Verify the shutdown port is disabled.
Log in to the EMM Suite server.
Browse to Program Files\Isec7 EMM Suite\Tomcat\Conf.
Open server.xml with Notepad.exe.
Select Edit >> Find and search for Shutdown.
Verify that the shutdown port has been disabled with the entry below:
shutdown="-1"
If the shutdown port has not been disabled, this is a finding.
Fix Text
Log in to the EMM Suite server.
Browse to Program Files\Isec7 EMM Suite\Tomcat\Conf.
Open server.xml with Notepad.exe.
Select Edit >> Find and search for Shutdown.
Change the shutdown to -1, for example:
shutdown="-1"
Save the file and restart the Isec7 EMM Suite Web service using services.msc.
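As an added example (not ISEC7's or DISA's code), the PowerShell function below scripts the check: it parses server.xml and reports whether the Server element carries the shutdown="-1" entry this check looks for. It also reports the port attribute, because Tomcat's configuration reference defines port as the shutdown listener port (with -1 disabling it) and shutdown as the command string sent to that port. The name Test-ShutdownPort, the sample XML and the Program Files root are assumptions.

```powershell
# Added example. Test-ShutdownPort is a hypothetical helper name.
function Test-ShutdownPort {
    param([Parameter(Mandatory)][string]$XmlText)

    $doc = New-Object System.Xml.XmlDocument
    $doc.XmlResolver = $null              # never resolve external DTDs or entities
    $doc.LoadXml($XmlText)

    $server = $doc.DocumentElement
    if ($server.Name -cne 'Server') {
        throw "Root element is <$($server.Name)>, expected <Server>"
    }

    # GetAttribute returns '' when the attribute is absent.
    $port     = $server.GetAttribute('port')
    $shutdown = $server.GetAttribute('shutdown')

    [pscustomobject]@{
        Port             = $port
        Shutdown         = $shutdown
        # The entry this check looks for: shutdown="-1".
        StigEntryPresent = ($shutdown -eq '-1')
        # Tomcat configuration reference: port="-1" disables the shutdown port.
        ListenerDisabled = ($port -eq '-1')
        # The default command named in the Discussion is still configured.
        DefaultCommand   = ($shutdown -ceq 'SHUTDOWN')
    }
}

# Constructed server.xml fragments, not taken from a real ISEC7 installation.
$samples = [ordered]@{
    'default'       = '<Server port="8005" shutdown="SHUTDOWN"><Service name="Catalina"/></Server>'
    'shutdown=-1'   = '<Server port="8005" shutdown="-1"><Service name="Catalina"/></Server>'
    'port+shutdown' = '<Server port="-1" shutdown="-1"><Service name="Catalina"/></Server>'
}
$samples.GetEnumerator() | ForEach-Object {
    Test-ShutdownPort -XmlText $_.Value |
        Add-Member -NotePropertyName Sample -NotePropertyValue $_.Key -PassThru
} | Format-Table Sample, Port, Shutdown, StigEntryPresent, ListenerDisabled, DefaultCommand

# Against the installed file (the Program Files root is an assumption):
# $path = Join-Path $env:ProgramFiles 'Isec7 EMM Suite\Tomcat\Conf\server.xml'
# Test-ShutdownPort -XmlText (Get-Content -Raw -LiteralPath $path)
```

A row with StigEntryPresent true but ListenerDisabled false means the listener is still configured on that port, with "-1" as its command string.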
Additional Identifiers
Rule ID: SV-224789r505933_rule
Vulnerability ID: V-224789
Group Title: SRG-APP-000380
CCIs
Number | Definition |
---|---|
CCI-001813 | The information system enforces access restrictions. |
Controls
Number | Title |
---|---|
CM-5 (1) | Automated Access Enforcement / Auditing |